On Thu, Dec 24, 1998 at 07:19:21PM -0500, Sam wrote:
> On Thu, 24 Dec 1998, John Gonzalez/netMDC admin wrote:
> 
> > And would you agree that the more 'clueless' admins suffer from being
> > hacked?
> 
> Yes.  They'll suffer being hacked no matter what OS they are running.  The
> same type of an individual who would plug the stock unpatched Solaris
> 2.6 into the ether is the same individual who would plug the stock
> unpatched Red Hat 5.1 into the ether.

Right.  But RedHat is targeting these individuals as its userbase.

> Yes, and more clueful Red Hat admins know to apply the most recent RPMs
> to any box that they bring up live, too.

Most clueful people will secure any box they put up that is connected to the internet 
(even with a phone line).  The fact is, RedHat's defaults are not secure.  They SUID a 
lot of programs and run a lot of unnecessary services.  The fact that any other OS's 
defaults are also not secure is irrelevant.

> Correct.  Your incorrect assumption is that the specific operating system
> is the actual factor.  It is not.  It is the clue factor.

The specific problem is that users are being told that this operating system is 
"secure", and they count on a base install to be secure.  This means that the OS 
vendor should do everything in their power to make it secure.  Doing otherwise is 
irresponsible.  So is having an "Everything" install.  NOBODY in the world needs every 
single package installed.

Personally I like the Debian install because they make you select every single package 
you want installed (besides a VERY limited base install).  In my personal experience, 
this has helped me avoid all of the recent Debian exploits, simply because I didn't 
have the package installed.

--Adam
